diff options
| author | Hannes Rosenögger <Hannes.Rosenoegger@bva.bund.de> | 2015-02-09 14:35:48 +0100 |
|---|---|---|
| committer | Douwe Maan <douwe@gitlab.com> | 2015-02-16 20:10:15 +0100 |
| commit | 7d5f86f6cbd187e75a6ba164ad6bfd036977dd07 (patch) | |
| tree | 43f9cf4d556b95f73481df0e6f258600b59f5a51 /lib/backup | |
| parent | 87b413592499ddcf1149d9e2b580f76a13bf625c (diff) | |
| download | gitlab-ce-7d5f86f6cbd187e75a6ba164ad6bfd036977dd07.tar.gz | |
Fix broken access control and refactor avatar upload
This commit moves the note folder from
/public/uploads/note
to
/uploads/note
and changes the uploader accordingly.
Now it's no longer possible to avoid the access control by modifing the url.
The Avatar upload has been refactored to use an own uploader as well
to cleanly seperate the two upload types.
Diffstat (limited to 'lib/backup')
| -rw-r--r-- | lib/backup/manager.rb | 2 | ||||
| -rw-r--r-- | lib/backup/uploads.rb | 40 |
2 files changed, 29 insertions, 13 deletions
diff --git a/lib/backup/manager.rb b/lib/backup/manager.rb index ab8db4e9837..06cd40a5b1c 100644 --- a/lib/backup/manager.rb +++ b/lib/backup/manager.rb @@ -1,6 +1,6 @@ module Backup class Manager - BACKUP_CONTENTS = %w{repositories/ db/ uploads/ backup_information.yml} + BACKUP_CONTENTS = %w{repositories/ db/ public/ uploads/ backup_information.yml} def pack # saving additional informations diff --git a/lib/backup/uploads.rb b/lib/backup/uploads.rb index e50e1ff4f13..75d8e18a862 100644 --- a/lib/backup/uploads.rb +++ b/lib/backup/uploads.rb @@ -1,29 +1,45 @@ module Backup class Uploads - attr_reader :app_uploads_dir, :backup_uploads_dir, :backup_dir + attr_reader :app_public_uploads_dir, :app_private_uploads_dir, :backup_public_uploads_dir, + :backup_private_uploads_dir, :backup_dir, :backup_public_dir def initialize - @app_uploads_dir = File.realpath(Rails.root.join('public', 'uploads')) + @app_public_uploads_dir = File.realpath(Rails.root.join('public', 'uploads')) + @app_private_uploads_dir = File.realpath(Rails.root.join('uploads')) @backup_dir = Gitlab.config.backup.path - @backup_uploads_dir = File.join(Gitlab.config.backup.path, 'uploads') + @backup_public_dir = File.join(backup_dir, 'public') + @backup_public_uploads_dir = File.join(backup_dir, 'public', 'uploads') + @backup_private_uploads_dir = File.join(backup_dir, 'uploads') end - # Copy uploads from public/uploads to backup/uploads + # Copy uploads from public/uploads to backup/public/uploads and from /uploads to backup/uploads def dump - FileUtils.mkdir_p(backup_uploads_dir) - FileUtils.cp_r(app_uploads_dir, backup_dir) + FileUtils.mkdir_p(backup_public_uploads_dir) + FileUtils.cp_r(app_public_uploads_dir, backup_public_dir) + + FileUtils.mkdir_p(backup_private_uploads_dir) + FileUtils.cp_r(app_private_uploads_dir, backup_dir) end def restore - backup_existing_uploads_dir + backup_existing_public_uploads_dir + backup_existing_private_uploads_dir - FileUtils.cp_r(backup_uploads_dir, app_uploads_dir) + FileUtils.cp_r(backup_public_uploads_dir, app_public_uploads_dir) + FileUtils.cp_r(backup_private_uploads_dir, app_private_uploads_dir) end - def backup_existing_uploads_dir - timestamped_uploads_path = File.join(app_uploads_dir, '..', "uploads.#{Time.now.to_i}") - if File.exists?(app_uploads_dir) - FileUtils.mv(app_uploads_dir, timestamped_uploads_path) + def backup_existing_public_uploads_dir + timestamped_public_uploads_path = File.join(app_public_uploads_dir, '..', "uploads.#{Time.now.to_i}") + if File.exists?(app_public_uploads_dir) + FileUtils.mv(app_public_uploads_dir, timestamped_public_uploads_path) + end + end + + def backup_existing_private_uploads_dir + timestamped_private_uploads_path = File.join(app_private_uploads_dir, '..', "uploads.#{Time.now.to_i}") + if File.exists?(app_private_uploads_dir) + FileUtils.mv(app_private_uploads_dir, timestamped_private_uploads_path) end end end |